Skill v1.0.2

ClawScan security

Silmaril Ranger · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 13, 2026, 4:37 PM
Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary
The skill is internally consistent with a local Chrome/CDP automation toolkit: it contains only instructions for running a local silmaril.cmd toolkit and warns about high-risk operations, but you should review any cloned code and be cautious with eval/proxy commands.
Guidance
This skill is coherent for local browser automation, but you should take three precautions before using it: (1) Review the GitHub repository contents (Malac12/CDP-tools) before cloning or running any scripts — silmaril.cmd will invoke PowerShell with ExecutionPolicy Bypass which will execute code on your machine. (2) Avoid using eval-js and proxy commands unless you fully trust the target site and understand MITM risks; do not set SILMARIL_ALLOW_UNSAFE_JS or SILMARIL_ALLOW_MITM globally unless in a controlled/trusted environment. (3) Run initial experiments in an isolated environment (VM or disposable account) and verify the exact local paths (docs contain typos like 'silmairl') before granting approval to fetch or execute remote code.

Review Dimensions

Purpose & Capability
ok: Name/description (CDP browser automation, DOM reading/mutation, flows, local proxy overrides) matches the SKILL.md and reference files. The instructions, commands, and referenced files all relate to driving a local Silmaril CDP toolkit; nothing requests unrelated cloud credentials or unrelated binaries.
Instruction Scope
note: The SKILL.md instructs the agent to locate and run a local silmaril.cmd and, if missing, to clone https://github.com/Malac12/CDP-tools.git after explicit user approval. It explicitly calls out high-risk commands (eval-js and proxy commands) and recommends flags or env vars to limit risk. The skill does not instruct reading unrelated system files or exfiltrating data, but it does rely on executing PowerShell scripts (silmaril.cmd) which will run code on the host; review is advised.
Install Mechanism
note: There is no formal install spec; the skill is instruction-only. The suggested install uses git clone from a GitHub repository (a well-known host), and the SKILL.md insists on explicit user approval before fetching remote code. This is acceptable, but the actual repository contents must be reviewed prior to running. The file paths in the docs contain typos (e.g., 'D:\silmairl cdp') which merit attention.
Credentials
ok: The skill does not require environment variables or credentials. It documents optional environment toggles (SILMARIL_ALLOW_UNSAFE_JS, SILMARIL_ALLOW_MITM) for enabling risky behaviors; these are optional and their use is appropriately cautioned in the instructions.
Persistence & Privilege
ok: always is false, no install-time persistence is requested by the skill itself, and there is no instruction to modify other skills or system-wide settings beyond running the local toolkit. Autonomous model invocation is enabled by default but is not combined with other privilege-escalating requests.